133 static int audit_mount(struct aa_profile *profile, const char *op,  in audit_mount()  argument
145 		if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))  in audit_mount()
163 		    AUDIT_MODE(profile) != AUDIT_NOQUIET &&  in audit_mount()
164 		    AUDIT_MODE(profile) != AUDIT_ALL)  in audit_mount()
181 	return aa_audit(audit_type, profile, &sa, audit_cb);  in audit_mount()
295 static int path_flags(struct aa_profile *profile, const struct path *path)  in path_flags()  argument
297 	AA_BUG(!profile);  in path_flags()
300 	return profile->path_flags |  in path_flags()
318 static int match_mnt_path_str(struct aa_profile *profile,  in match_mnt_path_str()  argument
328 	AA_BUG(!profile);  in match_mnt_path_str()
332 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in match_mnt_path_str()
335 	error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer,  in match_mnt_path_str()
336 			     &mntpnt, &info, profile->disconnected);  in match_mnt_path_str()
347 	pos = do_match_mnt(profile->policy.dfa,  in match_mnt_path_str()
348 			   profile->policy.start[AA_CLASS_MOUNT],  in match_mnt_path_str()
357 	return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL,  in match_mnt_path_str()
375 static int match_mnt(struct aa_profile *profile, const struct path *path,  in match_mnt()  argument
383 	AA_BUG(!profile);  in match_mnt()
386 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in match_mnt()
390 		error = aa_path_name(devpath, path_flags(profile, devpath),  in match_mnt()
392 				     profile->disconnected);  in match_mnt()
397 	return match_mnt_path_str(profile, path, buffer, devname, type, flags,  in match_mnt()
404 	struct aa_profile *profile;  in aa_remount()  local
415 	error = fn_for_each_confined(label, profile,  in aa_remount()
416 			match_mnt(profile, path, buffer, NULL, NULL, NULL,  in aa_remount()
426 	struct aa_profile *profile;  in aa_bind_mount()  local
444 	error = fn_for_each_confined(label, profile,  in aa_bind_mount()
445 			match_mnt(profile, path, buffer, &old_path, old_buffer,  in aa_bind_mount()
456 	struct aa_profile *profile;  in aa_mount_change_type()  local
468 	error = fn_for_each_confined(label, profile,  in aa_mount_change_type()
469 			match_mnt(profile, path, buffer, NULL, NULL, NULL,  in aa_mount_change_type()
479 	struct aa_profile *profile;  in aa_move_mount()  local
495 	error = fn_for_each_confined(label, profile,  in aa_move_mount()
496 			match_mnt(profile, path, buffer, &old_path, old_buffer,  in aa_move_mount()
508 	struct aa_profile *profile;  in aa_new_mount()  local
541 		error = fn_for_each_confined(label, profile,  in aa_new_mount()
542 			match_mnt(profile, path, buffer, dev_path, dev_buffer,  in aa_new_mount()
545 		error = fn_for_each_confined(label, profile,  in aa_new_mount()
546 			match_mnt_path_str(profile, path, buffer, dev_name,  in aa_new_mount()
556 static int profile_umount(struct aa_profile *profile, struct path *path,  in profile_umount()  argument
564 	AA_BUG(!profile);  in profile_umount()
567 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in profile_umount()
570 	error = aa_path_name(path, path_flags(profile, path), buffer, &name,  in profile_umount()
571 			     &info, profile->disconnected);  in profile_umount()
575 	state = aa_dfa_match(profile->policy.dfa,  in profile_umount()
576 			     profile->policy.start[AA_CLASS_MOUNT],  in profile_umount()
578 	perms = compute_mnt_perms(profile->policy.dfa, state);  in profile_umount()
583 	return audit_mount(profile, OP_UMOUNT, name, NULL, NULL, NULL, 0, NULL,  in profile_umount()
589 	struct aa_profile *profile;  in aa_umount()  local
598 	error = fn_for_each_confined(label, profile,  in aa_umount()
599 			profile_umount(profile, &path, buffer));  in aa_umount()
609 static struct aa_label *build_pivotroot(struct aa_profile *profile,  in build_pivotroot()  argument
621 	AA_BUG(!profile);  in build_pivotroot()
625 	if (profile_unconfined(profile) ||  in build_pivotroot()
626 	    !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))  in build_pivotroot()
627 		return aa_get_newest_label(&profile->label);  in build_pivotroot()
629 	error = aa_path_name(old_path, path_flags(profile, old_path),  in build_pivotroot()
631 			     profile->disconnected);  in build_pivotroot()
634 	error = aa_path_name(new_path, path_flags(profile, new_path),  in build_pivotroot()
636 			     profile->disconnected);  in build_pivotroot()
641 	state = aa_dfa_match(profile->policy.dfa,  in build_pivotroot()
642 			     profile->policy.start[AA_CLASS_MOUNT],  in build_pivotroot()
644 	state = aa_dfa_null_transition(profile->policy.dfa, state);  in build_pivotroot()
645 	state = aa_dfa_match(profile->policy.dfa, state, old_name);  in build_pivotroot()
646 	perms = compute_mnt_perms(profile->policy.dfa, state);  in build_pivotroot()
652 	error = audit_mount(profile, OP_PIVOTROOT, new_name, old_name,  in build_pivotroot()
658 	return aa_get_newest_label(&profile->label);  in build_pivotroot()
664 	struct aa_profile *profile;  in aa_pivotroot()  local
674 	target = fn_label_build(label, profile, GFP_ATOMIC,  in aa_pivotroot()
675 			build_pivotroot(profile, new_path, new_buffer,  in aa_pivotroot()
698 	error = fn_for_each(label, profile,  in aa_pivotroot()
699 			audit_mount(profile, OP_PIVOTROOT, NULL /*new_name */,  in aa_pivotroot()